# xian-policy.hcl
path "secret/data/xian/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "transit/encrypt/xian-key" {
  capabilities = ["update"]
}

path "transit/decrypt/xian-key" {
  capabilities = ["update"]
}

path "database/creds/xian-role" {
  capabilities = ["read"]
}